[PATCH v9 00/10] Enable EFI capsule generation through binman

Sughosh Ganu sughosh.ganu at linaro.org
Sat Aug 12 07:57:15 CEST 2023 

This patch series adds support for generation of EFI capsules as part
of u-boot build flow. The capsules can be generated as part of u-boot
build, and this is being achieved through binman, by adding a capsule
entry type. The parameters needed for capsule generation are specified
as properties under the capsule entry node.

Changes have also been made to the efi capsule update feature testing
setup on the sandbox variants. Currently, the capsule files and the
keys for testing capsule authentication are generated after u-boot has
been built. As part of this patch series, the private and public keys
along with the EFI Signature List(ESL) needed for testing the capsule
update functionality on the sandbox plaform are placed in the board
directory. The test logic has been changed so that the capsules which
were generated as part of the test setup are now being generated as
part of the build for sandbox platform. The document has been updated
to reflect the above changes.

Changes since V8:

The following are changes per individual patches

* New patch based on suggestions from Simon Glass.
* Move the 'multiple-images' property to top level dts files.
* Get sandbox_vpl's binman node to generate an image, with the above
  change.
* New patch to build the capsule code for all sandbox variants.
* Remove the type property by renaming the capsule nodes as
  'efi-capsule'.
* Remove mention of capsule generation through config file.


Sughosh Ganu (10):
  binman: bintool: Build a tool from a list of commands
  nuvoton: npcm845-evb: Add a newline at the end of file
  sandbox: capsule: Add keys and certificates needed for capsule update
    testing
  sandbox: capsule: Enable EFI capsule module on sandbox variants
  btool: mkeficapsule: Add a bintool for EFI capsule generation
  binman: capsule: Add support for generating EFI capsules
  sandbox: binman: Add support for generating multiple images
  sandbox: capsule: Generate capsule related files through binman
  doc: Add documentation to highlight capsule generation related updates
  sandbox: trace: Increase trace buffer size

 .azure-pipelines.yml                          |   2 +-
 .gitlab-ci.yml                                |   2 +-
 arch/arm/dts/nuvoton-npcm845-evb.dts          |   2 +-
 arch/sandbox/dts/sandbox.dts                  |   3 +
 arch/sandbox/dts/sandbox_capsule.dtsi         | 315 ++++++++++++++++++
 arch/sandbox/dts/sandbox_vpl.dtsi             |   5 +
 arch/sandbox/dts/test.dts                     |   3 +
 board/sandbox/capsule_priv_key_bad.key        |  28 ++
 board/sandbox/capsule_priv_key_good.key       |  28 ++
 board/sandbox/capsule_pub_esl_good.esl        | Bin 0 -> 831 bytes
 board/sandbox/capsule_pub_key_bad.crt         |  19 ++
 board/sandbox/capsule_pub_key_good.crt        |  19 ++
 configs/sandbox_noinst_defconfig              |   2 +
 configs/sandbox_spl_defconfig                 |   2 +
 configs/sandbox_vpl_defconfig                 |   2 +
 doc/develop/uefi/uefi.rst                     |  16 +
 include/sandbox_efi_capsule.h                 |  21 ++
 test/py/tests/test_efi_capsule/conftest.py    | 155 +--------
 .../tests/test_efi_capsule/uboot_bin_env.its  |  36 --
 test/py/tests/test_trace.py                   |   2 +-
 tools/binman/bintool.py                       |  19 +-
 tools/binman/btool/mkeficapsule.py            | 101 ++++++
 tools/binman/entries.rst                      |  64 ++++
 tools/binman/etype/efi_capsule.py             | 143 ++++++++
 tools/binman/ftest.py                         | 118 +++++++
 tools/binman/test/311_capsule.dts             |  21 ++
 tools/binman/test/312_capsule_signed.dts      |  23 ++
 tools/binman/test/313_capsule_version.dts     |  22 ++
 tools/binman/test/314_capsule_signed_ver.dts  |  24 ++
 tools/binman/test/315_capsule_oemflags.dts    |  22 ++
 tools/binman/test/316_capsule_missing_key.dts |  22 ++
 .../binman/test/317_capsule_missing_index.dts |  20 ++
 .../binman/test/318_capsule_missing_guid.dts  |  19 ++
 33 files changed, 1093 insertions(+), 187 deletions(-)
 create mode 100644 arch/sandbox/dts/sandbox_capsule.dtsi
 create mode 100644 board/sandbox/capsule_priv_key_bad.key
 create mode 100644 board/sandbox/capsule_priv_key_good.key
 create mode 100644 board/sandbox/capsule_pub_esl_good.esl
 create mode 100644 board/sandbox/capsule_pub_key_bad.crt
 create mode 100644 board/sandbox/capsule_pub_key_good.crt
 create mode 100644 include/sandbox_efi_capsule.h
 delete mode 100644 test/py/tests/test_efi_capsule/uboot_bin_env.its
 create mode 100644 tools/binman/btool/mkeficapsule.py
 create mode 100644 tools/binman/etype/efi_capsule.py
 create mode 100644 tools/binman/test/311_capsule.dts
 create mode 100644 tools/binman/test/312_capsule_signed.dts
 create mode 100644 tools/binman/test/313_capsule_version.dts
 create mode 100644 tools/binman/test/314_capsule_signed_ver.dts
 create mode 100644 tools/binman/test/315_capsule_oemflags.dts
 create mode 100644 tools/binman/test/316_capsule_missing_key.dts
 create mode 100644 tools/binman/test/317_capsule_missing_index.dts
 create mode 100644 tools/binman/test/318_capsule_missing_guid.dts

-- 
2.34.1

More information about the U-Boot mailing list